Hackers turn US health services site into online Ugg boots store

Hackers turn US health services site into online Ugg boots store

Image of Ugg boots courtesy of Flickr user marie-II under Creative Commons licenseFor at least the past two months, scammers have been hawking football shirts, Ugg shoes and Armani perfume from hacked US government pages that are actually supposed to provide services such as mental health counseling, suicide prevention and help for drug addicts, the Weekly Standard reported on Friday.

The hacked website pages, many of which are now showing 404 “page not found” errors, belong to the Substance Abuse and Mental Health Services Administration (SAMHSA).

SAMHSA is an agency of the US Department of Health and Human Services (HHS) and is responsible for running the new Obamacare insurance marketplace, Healthcare.gov.

The hacked pages were hawking merchandise such as National Football League (NFL) jerseys, Ugg shoes and Armani goods – specifically, fragrances, the Weekly Standard reports.

Weekly Standard’s site features screen captures of the various pages.

Partial screenshot of SAMHSA's hacked website from 28 September 2013

This is a partial screen snapshot of http://nace.samhsa.gov/images/img5/index.asp as it appeared on 28 September 2013. The whole thing can be seen here.

According to the Weekly Standard, clicking on the hacked pages in some cases took users directly to an external website, while at other times, certain functions seemed to operate within the samhsa.gov site itself.

The news site found that at the time it investigated the hacked sites, two domains were registered in the United States and one was registered in China.

All of the hacked pages that the Weekly Standard uncovered were under the subdomain nace.samhsa.gov, which is the Native American Center for Excellence. As of Monday morning, the main site was showing a message saying that it was undergoing maintenance.

The first breach dates back to 29 July 2013.

After the story was initially posted, the nace.samhsa.gov site returned an error message saying that the site could not be found, but the message later changed to this message, replete with a suspicious misspelling:

This site is undgoing maintenance. We are sorry for any inconvenience this has caused you.

The wonky spelling on the error message may well indicate that there are more hijinks going on than maintenance.

I wrote to SAMHSA to find out if the agency is aware of its hacked pages, if it’s actually fixing the problem, and why/how the hackers have managed to hawk boots for two months without being detected.

I hadn’t heard back by the time this article posted.

In the meantime, steer clear of counterfeit goods.

As Sophos’s Chester Wisniewski noted back in August 2011 when he wrote about Apple hiring a fake-Viagra expert to stop counterfeit iDevices, you’re not just running the risk of substandard quality with fake products.

In the case of fake computing gear, Sophos gets ample reports from consumers who’ve picked up cheap “third shift” products that are infected with malware directly from the factory, he said at the time.

You won’t get malware from fake, fashionable, fuzzy boots, but should you trust your credit card data to the people who sell them?

To quote my current favorite phrase from The Oatmeal comic, that sounds like a nice tall glass of “nope.”

Image of Ugg boots courtesy of Flickr user marie-II under Creative Commons license.